Every CVE whose affected-product data names Socket Socket.io, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-16031 — CVSS 7.5 (high): Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on…
CVE-2020-28481 — CVSS 5.3 (medium): The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.